When you’re trying to parlay a multi-factor authentication (MFA) product into a solution that complies with current requirements and stays ahead of future ones, it’s hard to tell which way the ship is sailing — especially when you run up against parts that are more what you’d call guidelines than actual rules. Payment Card Industry Data Security Standards (PCI DSS) 3.2 went into effect in October 2016, with requirement 8.3.1 (expanded use of MFA) coming into effect on February 1, 2018. In the meantime, the PCI Council has come out with an MFA Supplement that sets forth some guidelines that may possibly be incorporated into the standard at some point in the future.
Now, Duo helps meet these guidelines, with features such as:
- Policies to prevent authentication login from specific locations, networks or IP addresses
- Strong authentication with Security Element (SE) or U2F
- An easy to use out-of-band authentication factor (Duo Push, based on asymmetric keys)